Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ryg0GxYXpRCfK3purZmaYIJclvY.roa
File:                     ryg0GxYXpRCfK3purZmaYIJclvY.roa (raw, json)
Hash identifier:          zyICyUpF/xga1EgUcazas9UbMtGc/s9KzlvYHYD1SY8=
Subject key identifier:   AF:28:34:1B:16:17:A5:10:9F:2B:7A:6E:AD:99:9A:60:82:5C:96:F6
Certificate issuer:       /CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
Certificate serial:       0188D81D0E7A50AB7EBB45913C99192F5F40
Authority key identifier: 8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ryg0GxYXpRCfK3purZmaYIJclvY.roa
Signing time:             Tue 20 Jun 2023 09:22:42 +0000
ROA not before:           Tue 20 Jun 2023 09:22:42 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208398
IP address blocks:        5.45.192.0/18 maxlen: 24
                          92.255.127.0/24 maxlen: 24
                          178.154.128.0/19 maxlen: 24
                          37.9.64.0/18 maxlen: 24
                          84.252.160.0/19 maxlen: 24
                          90.156.176.0/20 maxlen: 24
                          141.8.128.0/18 maxlen: 24
                          93.158.128.0/18 maxlen: 24
                          37.140.128.0/18 maxlen: 24
                          95.108.128.0/17 maxlen: 24
                          185.32.187.0/24 maxlen: 24
                          87.250.224.0/19 maxlen: 24
                          77.88.0.0/18 maxlen: 24
                          178.154.160.0/19 maxlen: 24
                          213.180.192.0/19 maxlen: 24
                          5.255.192.0/18 maxlen: 24
                          2a02:6b8::/29 maxlen: 48

Validation:               Failed, certificate revoked on Mon 01 Jan 2024 20:30:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:d8:1d:0e:7a:50:ab:7e:bb:45:91:3c:99:19:2f:5f:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d84404e5f8a4b117ae44e73d53c44ecdd578342
        Validity
            Not Before: Jun 20 09:22:42 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=af28341b1617a5109f2b7a6ead999a60825c96f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:01:2e:ab:8b:53:89:a6:ea:e4:e4:d6:ca:ea:
                    bf:cf:ef:80:bf:44:6f:03:b7:e7:9f:e7:fa:b4:e4:
                    9d:90:1b:d8:36:18:45:b6:6d:c8:73:c0:41:c4:41:
                    b2:34:a0:75:ce:0c:bc:33:22:98:dc:d7:6a:ed:65:
                    8b:95:d3:bc:71:c3:45:75:dd:8c:41:54:ed:70:0f:
                    6a:10:01:24:e5:82:32:18:28:47:cd:c2:b0:e7:a7:
                    4b:52:cf:5a:27:a3:7e:e5:0f:3d:10:47:da:2b:11:
                    a9:0f:e5:7d:0d:61:2c:4d:50:64:8c:af:3e:46:f3:
                    03:89:dd:cd:82:26:43:f5:67:69:76:e0:f8:f6:ac:
                    3d:f6:ca:9d:f3:f8:ee:73:31:e6:98:85:02:9e:e2:
                    ff:c1:de:62:44:13:14:f0:9a:47:a9:a5:b7:e9:38:
                    3b:ac:53:06:a0:17:f2:ea:9b:05:92:18:a7:ec:97:
                    2f:d1:11:2e:1b:02:12:44:ba:49:44:00:0c:ac:9f:
                    4a:16:db:0c:71:1d:f5:43:47:66:ae:93:38:9e:bb:
                    05:ea:ba:ab:09:e4:21:f8:cc:e1:cf:4a:c5:09:f9:
                    60:d2:5f:20:38:e5:00:e5:b2:87:48:52:fa:34:d0:
                    7b:8e:30:ed:6c:26:c9:da:8a:35:49:66:10:0d:4f:
                    69:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:28:34:1B:16:17:A5:10:9F:2B:7A:6E:AD:99:9A:60:82:5C:96:F6
            X509v3 Authority Key Identifier:
                keyid:8D:84:40:4E:5F:8A:4B:11:7A:E4:4E:73:D5:3C:44:EC:DD:57:83:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYRATl-KSxF65E5z1TxE7N1Xg0I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/ryg0GxYXpRCfK3purZmaYIJclvY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/d51f64-5d06-4fc0-ab69-2cd98ee53569/1/jYRATl-KSxF65E5z1TxE7N1Xg0I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.45.192.0/18
                  5.255.192.0/18
                  37.9.64.0/18
                  37.140.128.0/18
                  77.88.0.0/18
                  84.252.160.0/19
                  87.250.224.0/19
                  90.156.176.0/20
                  92.255.127.0/24
                  93.158.128.0/18
                  95.108.128.0/17
                  141.8.128.0/18
                  178.154.128.0/18
                  185.32.187.0/24
                  213.180.192.0/19
                IPv6:
                  2a02:6b8::/29

    Signature Algorithm: sha256WithRSAEncryption
         3d:60:ca:7f:39:ba:9d:df:db:e4:75:4e:09:be:57:60:4f:2e:
         03:10:ce:6d:c3:8f:f9:3d:50:a1:f0:5b:ce:8d:c2:9d:cf:3c:
         20:5d:81:3d:65:3a:b1:96:05:c4:73:17:2d:70:e4:9f:c9:25:
         79:24:37:66:c3:34:53:e1:5d:93:cc:8e:f8:20:ef:a1:29:4a:
         bd:84:97:34:25:88:7c:cf:35:08:aa:92:24:3d:84:fc:d0:8a:
         62:f8:40:ff:43:8c:53:d5:24:77:5c:00:fe:8d:b2:df:bb:0e:
         14:ad:ef:00:eb:06:5c:bf:31:bf:67:11:0a:90:b6:b0:18:0f:
         e9:1a:77:d0:e6:35:35:21:f9:8c:7f:db:89:ff:ff:3b:5b:96:
         40:53:2e:e6:97:8c:4f:95:87:36:51:d3:3d:91:1b:d8:b1:29:
         18:80:e9:e4:25:63:6d:a4:b9:6f:48:58:18:c3:19:73:72:2d:
         fa:e9:36:24:9a:84:63:de:86:9e:61:fa:00:67:69:8c:c5:e3:
         e6:81:16:f0:0d:c8:07:b7:8a:9a:64:32:b8:cd:65:b4:0a:60:
         02:5c:5d:3f:e7:5d:99:2e:0e:7b:28:ca:ad:a6:74:4e:38:f4:
         31:9b:b3:73:87:f4:35:47:1e:eb:65:a3:74:a6:30:ca:d9:24:
         f4:a5:d4:05
-----BEGIN CERTIFICATE-----
MIIFYTCCBEmgAwIBAgISAYjYHQ56UKt+u0WRPJkZL19AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODQ0MDRlNWY4YTRiMTE3YWU0NGU3M2Q1M2M0NGVjZGQ1
NzgzNDIwHhcNMjMwNjIwMDkyMjQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjI4MzQxYjE2MTdhNTEwOWYyYjdhNmVhZDk5OWE2MDgyNWM5NmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqwEuq4tTiabq5OTWyuq/z++Av0Rv
A7fnn+f6tOSdkBvYNhhFtm3Ic8BBxEGyNKB1zgy8MyKY3Ndq7WWLldO8ccNFdd2M
QVTtcA9qEAEk5YIyGChHzcKw56dLUs9aJ6N+5Q89EEfaKxGpD+V9DWEsTVBkjK8+
RvMDid3NgiZD9WdpduD49qw99sqd8/juczHmmIUCnuL/wd5iRBMU8JpHqaW36Tg7
rFMGoBfy6psFkhin7Jcv0REuGwISRLpJRAAMrJ9KFtsMcR31Q0dmrpM4nrsF6rqr
CeQh+Mzhz0rFCflg0l8gOOUA5bKHSFL6NNB7jjDtbCbJ2oo1SWYQDU9piwIDAQAB
o4ICbTCCAmkwHQYDVR0OBBYEFK8oNBsWF6UQnyt6bq2ZmmCCXJb2MB8GA1UdIwQY
MBaAFI2EQE5fiksReuROc9U8ROzdV4NCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjkt
MmNkOThlZTUzNTY5LzEvcnlnMEd4WVhwUkNmSzNwdXJabWFZSUpjbHZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS9kNTFmNjQtNWQwNi00ZmMwLWFiNjktMmNkOThlZTUzNTY5
LzEvallSQVRsLUtTeEY2NUU1ejFUeEU3TjFYZzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGCBggrBgEFBQcBBwEB/wRzMHEwYAQCAAEwWgMEBgUtwAME
BgX/wAMEBiUJQAMEBiWMgAMEBk1YAAMEBVT8oAMEBVf64AMEBFqcsAMEAFz/fwME
Bl2egAMEB19sgAMEBo0IgAMEBrKagAMEALkguwMEBdW0wDANBAIAAjAHAwUDKgIG
uDANBgkqhkiG9w0BAQsFAAOCAQEAPWDKfzm6nd/b5HVOCb5XYE8uAxDObcOP+T1Q
ofBbzo3Cnc88IF2BPWU6sZYFxHMXLXDkn8kleSQ3ZsM0U+Fdk8yO+CDvoSlKvYSX
NCWIfM81CKqSJD2E/NCKYvhA/0OMU9Ukd1wA/o2y37sOFK3vAOsGXL8xv2cRCpC2
sBgP6Rp30OY1NSH5jH/bif//O1uWQFMu5peMT5WHNlHTPZEb2LEpGIDp5CVjbaS5
b0hYGMMZc3It+uk2JJqEY96GnmH6AGdpjMXj5oEW8A3IB7eKmmQyuM1ltApgAlxd
P+ddmS4OeyjKraZ0Tjj0MZuzc4f0NUce62WjdKYwytkk9KXUBQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:44:21 2024 by rpki-client on console-ams.rpki-client.org